1. Technical Field
The present invention relates in general to computer systems and, in particular, to electronic files on computer systems. Still more particularly, the present invention relates to a method of providing security to electronic files on a multiple-user accessible computer system.
2. Description of the Related Art
Electronic files are often stored on a computer system that is accessible to multiple users. The users may be local users or remote users, who access the computer system from across a network. Typical networks range from smaller and geographically compact local area networks (LAN) to larger and geographically distributed Wide Area Networks (WAN) such as the Internet.
In a networked computer system environment, there is occasionally a need or desire to protect particular electronic files from access by general users. That is, limited access to a particular file is provided to specific system users who are authorized to access the particular file, while no access is provided to other users authorized to be on the system but not authorized to access the particular file.
Presently, file access protection is handled at the Operating System (OS) level. The OS authorizes file access capability for various types of users by one of several OS specific software-based methods known in the art. UNIX, for example provides file access protection via the “chmod” command, which allows a user or system administrator to establish Read/Write/Execute file privileges for individual users or groups of users at the OS level.
The use of OS level protections, however, have proven to be susceptible (i.e., vulnerable) to being compromised by hackers, making the OS level protection less desirable for sensitive files. Also, due to reliance on a system administrator, lapses, which occasionally occur in system administration result in corresponding lapses in security of user's password and file authorization.
In some instances, very sensitive files are stored on a separate, external, hard drive, which is connected to the computer system during use. To prevent unauthorized access of the hard drive, owners of the hard drives often completely remove their hard drives when the files are not in use. The owner may then store the hard drive in a secure place. Such a process is inefficient and does not provide universal protection for drives which are internal drives that cannot be easily removed or for the period of time when such drive is installed in the system. Also, if an unauthorized user gains physical access to the hard drive that has been removed, the unauthorized user merely has to connect the drive to a computer system to gain access to the files stored on the hard drive. Similar concepts apply to other mass storage media, such as CDs/DVDs and tapes.
The present invention recognizes the need for providing a security mechanism beyond the level of standard OS protections for electronic files stored on a security-sensitive drive. A system in which a security-sensitive drive is resistant to hacking and other forms of unauthorized access would be a welcomed improvement. These and other benefits are provided in the present invention.